From 15b5d84f9da2ce4bfae8580e56e34a859f74ad71 Mon Sep 17 00:00:00 2001 From: markus <> Date: Thu, 5 Sep 2002 12:51:50 +0000 Subject: import openssl-0.9.7-beta1 --- src/lib/libcrypto/doc/DH_set_method.pod | 64 ++-- src/lib/libcrypto/doc/DSA_set_method.pod | 63 ++-- src/lib/libcrypto/doc/ERR_error_string.pod | 16 +- src/lib/libcrypto/doc/ERR_get_error.pod | 30 +- src/lib/libcrypto/doc/ERR_remove_state.pod | 2 +- src/lib/libcrypto/doc/EVP_DigestInit.pod | 124 +++++-- src/lib/libcrypto/doc/EVP_EncryptInit.pod | 412 +++++++++++++++++---- src/lib/libcrypto/doc/EVP_OpenInit.pod | 28 +- src/lib/libcrypto/doc/EVP_SealInit.pod | 18 +- src/lib/libcrypto/doc/EVP_SignInit.pod | 41 +- src/lib/libcrypto/doc/EVP_VerifyInit.pod | 39 +- src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod | 59 ++- .../libcrypto/doc/OpenSSL_add_all_algorithms.pod | 5 +- src/lib/libcrypto/doc/RAND_add.pod | 25 +- src/lib/libcrypto/doc/RAND_load_file.pod | 2 +- src/lib/libcrypto/doc/RAND_set_rand_method.pod | 4 +- src/lib/libcrypto/doc/RSA_generate_key.pod | 2 +- src/lib/libcrypto/doc/RSA_get_ex_new_index.pod | 14 +- src/lib/libcrypto/doc/RSA_print.pod | 5 +- src/lib/libcrypto/doc/RSA_public_encrypt.pod | 6 +- src/lib/libcrypto/doc/RSA_set_method.pod | 83 +++-- src/lib/libcrypto/doc/bn.pod | 18 +- src/lib/libcrypto/doc/dh.pod | 9 +- src/lib/libcrypto/doc/dsa.pod | 9 +- src/lib/libcrypto/doc/evp.pod | 2 +- src/lib/libcrypto/doc/rsa.pod | 17 +- 26 files changed, 797 insertions(+), 300 deletions(-) (limited to 'src/lib/libcrypto/doc') diff --git a/src/lib/libcrypto/doc/DH_set_method.pod b/src/lib/libcrypto/doc/DH_set_method.pod index dca41d8dbc..d990bf8786 100644 --- a/src/lib/libcrypto/doc/DH_set_method.pod +++ b/src/lib/libcrypto/doc/DH_set_method.pod @@ -2,20 +2,21 @@ =head1 NAME -DH_set_default_method, DH_get_default_method, DH_set_method, -DH_new_method, DH_OpenSSL - select DH method +DH_set_default_openssl_method, DH_get_default_openssl_method, +DH_set_method, DH_new_method, DH_OpenSSL - select DH method =head1 SYNOPSIS #include + #include - void DH_set_default_method(DH_METHOD *meth); + void DH_set_default_openssl_method(DH_METHOD *meth); - DH_METHOD *DH_get_default_method(void); + DH_METHOD *DH_get_default_openssl_method(void); - DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); + int DH_set_method(DH *dh, ENGINE *engine); - DH *DH_new_method(DH_METHOD *meth); + DH *DH_new_method(ENGINE *engine); DH_METHOD *DH_OpenSSL(void); @@ -28,20 +29,26 @@ such as hardware accelerators may be used. Initially, the default is to use the OpenSSL internal implementation. DH_OpenSSL() returns a pointer to that method. -DH_set_default_method() makes B the default method for all B -structures created later. +DH_set_default_openssl_method() makes B the default method for all DH +structures created later. B This is true only whilst the default engine +for Diffie-Hellman operations remains as "openssl". ENGINEs provide an +encapsulation for implementations of one or more algorithms, and all the DH +functions mentioned here operate within the scope of the default +"openssl" engine. -DH_get_default_method() returns a pointer to the current default -method. +DH_get_default_openssl_method() returns a pointer to the current default +method for the "openssl" engine. -DH_set_method() selects B for all operations using the structure B. +DH_set_method() selects B as the engine that will be responsible for +all operations using the structure B. If this function completes successfully, +then the B structure will have its own functional reference of B, so +the caller should remember to free their own reference to B when they are +finished with it. NB: An ENGINE's DH_METHOD can be retrieved (or set) by +ENGINE_get_DH() or ENGINE_set_DH(). -DH_get_method() returns a pointer to the method currently selected -for B. - -DH_new_method() allocates and initializes a B structure so that -B will be used for the DH operations. If B is B, -the default method is used. +DH_new_method() allocates and initializes a DH structure so that +B will be used for the DH operations. If B is NULL, +the default engine for Diffie-Hellman opertaions is used. =head1 THE DH_METHOD STRUCTURE @@ -56,7 +63,7 @@ the default method is used. /* compute shared secret */ int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh); - /* compute r = a ^ p mod m. May be NULL */ + /* compute r = a ^ p mod m (May be NULL for some implementations) */ int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); @@ -75,17 +82,17 @@ the default method is used. =head1 RETURN VALUES -DH_OpenSSL(), DH_get_default_method() and DH_get_method() return -pointers to the respective Bs. +DH_OpenSSL() and DH_get_default_openssl_method() return pointers to the +respective Bs. -DH_set_default_method() returns no value. +DH_set_default_openssl_method() returns no value. -DH_set_method() returns a pointer to the B previously -associated with B. +DH_set_method() returns non-zero if the ENGINE associated with B +was successfully changed to B. -DH_new_method() returns B and sets an error code that can be -obtained by L if the allocation fails. Otherwise it -returns a pointer to the newly allocated structure. +DH_new_method() returns NULL and sets an error code that can be +obtained by L if the allocation fails. +Otherwise it returns a pointer to the newly allocated structure. =head1 SEE ALSO @@ -96,4 +103,9 @@ L, L DH_set_default_method(), DH_get_default_method(), DH_set_method(), DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4. +DH_set_default_openssl_method() and DH_get_default_openssl_method() +replaced DH_set_default_method() and DH_get_default_method() respectively, +and DH_set_method() and DH_new_method() were altered to use Bs +rather than Bs during development of OpenSSL 0.9.6. + =cut diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod index 0b13ec9237..36a1052d27 100644 --- a/src/lib/libcrypto/doc/DSA_set_method.pod +++ b/src/lib/libcrypto/doc/DSA_set_method.pod @@ -2,20 +2,21 @@ =head1 NAME -DSA_set_default_method, DSA_get_default_method, DSA_set_method, -DSA_new_method, DSA_OpenSSL - select RSA method +DSA_set_default_openssl_method, DSA_get_default_openssl_method, +DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method =head1 SYNOPSIS - #include + #include + #include - void DSA_set_default_method(DSA_METHOD *meth); + void DSA_set_default_openssl_method(DSA_METHOD *meth); - DSA_METHOD *DSA_get_default_method(void); + DSA_METHOD *DSA_get_default_openssl_method(void); - DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); + int DSA_set_method(DSA *dsa, ENGINE *engine); - DSA *DSA_new_method(DSA_METHOD *meth); + DSA *DSA_new_method(ENGINE *engine); DSA_METHOD *DSA_OpenSSL(void); @@ -28,20 +29,21 @@ such as hardware accelerators may be used. Initially, the default is to use the OpenSSL internal implementation. DSA_OpenSSL() returns a pointer to that method. -DSA_set_default_method() makes B the default method for all B -structures created later. +DSA_set_default_openssl_method() makes B the default method for +all DSA structures created later. B This is true only whilst the +default engine for DSA operations remains as "openssl". ENGINEs +provide an encapsulation for implementations of one or more algorithms at a +time, and all the DSA functions mentioned here operate within the scope +of the default "openssl" engine. -DSA_get_default_method() returns a pointer to the current default -method. +DSA_get_default_openssl_method() returns a pointer to the current default +method for the "openssl" engine. -DSA_set_method() selects B for all operations using the structure B. +DSA_set_method() selects B for all operations using the structure B. -DSA_get_method() returns a pointer to the method currently selected -for B. - -DSA_new_method() allocates and initializes a B structure so that -B will be used for the DSA operations. If B is B, -the default method is used. +DSA_new_method() allocates and initializes a DSA structure so that +B will be used for the DSA operations. If B is NULL, +the default engine for DSA operations is used. =head1 THE DSA_METHOD STRUCTURE @@ -62,12 +64,13 @@ struct int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); - /* compute rr = a1^p1 * a2^p2 mod m. May be NULL */ + /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some + implementations) */ int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); - /* compute r = a ^ p mod m. May be NULL */ + /* compute r = a ^ p mod m (May be NULL for some implementations) */ int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); @@ -86,18 +89,17 @@ struct =head1 RETURN VALUES -DSA_OpenSSL(), DSA_get_default_method() and DSA_get_method() return -pointers to the respective Bs. +DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the +respective Bs. -DSA_set_default_method() returns no value. +DSA_set_default_openssl_method() returns no value. -DSA_set_method() returns a pointer to the B previously -associated with B. +DSA_set_method() returns non-zero if the ENGINE associated with B +was successfully changed to B. -DSA_new_method() returns B and sets an error code that can be +DSA_new_method() returns NULL and sets an error code that can be obtained by L if the allocation -fails. Otherwise it returns a pointer to the newly allocated -structure. +fails. Otherwise it returns a pointer to the newly allocated structure. =head1 SEE ALSO @@ -108,4 +110,9 @@ L, L DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(), DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4. +DSA_set_default_openssl_method() and DSA_get_default_openssl_method() +replaced DSA_set_default_method() and DSA_get_default_method() respectively, +and DSA_set_method() and DSA_new_method() were altered to use Bs +rather than Bs during development of OpenSSL 0.9.6. + =cut diff --git a/src/lib/libcrypto/doc/ERR_error_string.pod b/src/lib/libcrypto/doc/ERR_error_string.pod index 0d2417599c..e01beb817a 100644 --- a/src/lib/libcrypto/doc/ERR_error_string.pod +++ b/src/lib/libcrypto/doc/ERR_error_string.pod @@ -2,13 +2,16 @@ =head1 NAME -ERR_error_string - obtain human-readable error message +ERR_error_string, ERR_error_string_n, ERR_lib_error_string, +ERR_func_error_string, ERR_reason_error_string - obtain human-readable +error message =head1 SYNOPSIS #include char *ERR_error_string(unsigned long e, char *buf); + char *ERR_error_string_n(unsigned long e, char *buf, size_t len); const char *ERR_lib_error_string(unsigned long e); const char *ERR_func_error_string(unsigned long e); @@ -17,9 +20,13 @@ ERR_error_string - obtain human-readable error message =head1 DESCRIPTION ERR_error_string() generates a human-readable string representing the -error code B, and places it at B. B must be at least 120 -bytes long. If B is B, the error string is placed in a +error code I, and places it at I. I must be at least 120 +bytes long. If I is B, the error string is placed in a static buffer. +ERR_error_string_n() is a variant of ERR_error_string() that writes +at most I characters (including the terminating 0) +and truncates the string if necessary. +For ERR_error_string_n(), I may not be B. The string will have the following format: @@ -45,7 +52,7 @@ all error codes currently in the queue. =head1 RETURN VALUES ERR_error_string() returns a pointer to a static buffer containing the -string if B, B otherwise. +string if I B<== NULL>, I otherwise. ERR_lib_error_string(), ERR_func_error_string() and ERR_reason_error_string() return the strings, and B if @@ -61,5 +68,6 @@ L =head1 HISTORY ERR_error_string() is available in all versions of SSLeay and OpenSSL. +ERR_error_string_n() was added in OpenSSL 0.9.6. =cut diff --git a/src/lib/libcrypto/doc/ERR_get_error.pod b/src/lib/libcrypto/doc/ERR_get_error.pod index 75ece00d97..9fdedbcb91 100644 --- a/src/lib/libcrypto/doc/ERR_get_error.pod +++ b/src/lib/libcrypto/doc/ERR_get_error.pod @@ -2,7 +2,10 @@ =head1 NAME -ERR_get_error, ERR_peek_error - obtain error code +ERR_get_error, ERR_peek_error, ERR_peek_last_error, +ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, +ERR_get_error_line_data, ERR_peek_error_line_data, +ERR_peek_error_line_data - obtain error code and data =head1 SYNOPSIS @@ -10,22 +13,29 @@ ERR_get_error, ERR_peek_error - obtain error code unsigned long ERR_get_error(void); unsigned long ERR_peek_error(void); + unsigned long ERR_peek_last_error(void); unsigned long ERR_get_error_line(const char **file, int *line); unsigned long ERR_peek_error_line(const char **file, int *line); + unsigned long ERR_peek_last_error_line(const char **file, int *line); unsigned long ERR_get_error_line_data(const char **file, int *line, const char **data, int *flags); unsigned long ERR_peek_error_line_data(const char **file, int *line, const char **data, int *flags); + unsigned long ERR_peek_last_error_line_data(const char **file, int *line, + const char **data, int *flags); =head1 DESCRIPTION -ERR_get_error() returns the last error code from the thread's error +ERR_get_error() returns the earliest error code from the thread's error queue and removes the entry. This function can be called repeatedly until there are no more error codes to return. -ERR_peek_error() returns the last error code from the thread's +ERR_peek_error() returns the earliest error code from the thread's +error queue without modifying it. + +ERR_peek_last_error() returns the latest error code from the thread's error queue without modifying it. See L for obtaining information about @@ -33,14 +43,16 @@ location and reason of the error, and L for human-readable error messages. -ERR_get_error_line() and ERR_peek_error_line() are the same as the -above, but they additionally store the file name and line number where +ERR_get_error_line(), ERR_peek_error_line() and +ERR_peek_last_error_line() are the same as the above, but they +additionally store the file name and line number where the error occurred in *B and *B, unless these are B. -ERR_get_error_line_data() and ERR_peek_error_line_data() store -additional data and flags associated with the error code in *B +ERR_get_error_line_data(), ERR_peek_error_line_data() and +ERR_get_last_error_line_data() store additional data and flags +associated with the error code in *B and *B, unless these are B. *B contains a string -if *B&B. If it has been allocated by Malloc(), +if *B&B. If it has been allocated by OPENSSL_malloc(), *B&B is true. =head1 RETURN VALUES @@ -58,5 +70,7 @@ ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and ERR_peek_error_line() are available in all versions of SSLeay and OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data() were added in SSLeay 0.9.0. +ERR_peek_last_error(), ERR_peek_last_error_line() and +ERR_peek_last_error_line_data() were added in OpenSSL 0.9.7. =cut diff --git a/src/lib/libcrypto/doc/ERR_remove_state.pod b/src/lib/libcrypto/doc/ERR_remove_state.pod index ebcdc0f5a5..72925fb9f4 100644 --- a/src/lib/libcrypto/doc/ERR_remove_state.pod +++ b/src/lib/libcrypto/doc/ERR_remove_state.pod @@ -16,7 +16,7 @@ ERR_remove_state() frees the error queue associated with thread B. If B == 0, the current thread will have its error queue removed. Since error queue data structures are allocated automatically for new -threads, they must be freed when threads are terminated in oder to +threads, they must be freed when threads are terminated in order to avoid memory leaks. =head1 RETURN VALUE diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod index 345b1ddfa7..b3a61f1c5d 100644 --- a/src/lib/libcrypto/doc/EVP_DigestInit.pod +++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod @@ -2,21 +2,40 @@ =head1 NAME -EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines +EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, +EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, +EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, +EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, +EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, +EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - +EVP digest routines =head1 SYNOPSIS #include - void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); - void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); - void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, + void EVP_MD_CTX_init(EVP_MD_CTX *ctx); + EVP_MD_CTX *EVP_MD_CTX_create(void); + + int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); + int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); + int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); - #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ + int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); + void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); + + int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); + + int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); + int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, + unsigned int *s); int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); + #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ + + #define EVP_MD_type(e) ((e)->type) #define EVP_MD_pkey_type(e) ((e)->pkey_type) #define EVP_MD_size(e) ((e)->md_size) @@ -27,15 +46,15 @@ EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) - EVP_MD *EVP_md_null(void); - EVP_MD *EVP_md2(void); - EVP_MD *EVP_md5(void); - EVP_MD *EVP_sha(void); - EVP_MD *EVP_sha1(void); - EVP_MD *EVP_dss(void); - EVP_MD *EVP_dss1(void); - EVP_MD *EVP_mdc2(void); - EVP_MD *EVP_ripemd160(void); + const EVP_MD *EVP_md_null(void); + const EVP_MD *EVP_md2(void); + const EVP_MD *EVP_md5(void); + const EVP_MD *EVP_sha(void); + const EVP_MD *EVP_sha1(void); + const EVP_MD *EVP_dss(void); + const EVP_MD *EVP_dss1(void); + const EVP_MD *EVP_mdc2(void); + const EVP_MD *EVP_ripemd160(void); const EVP_MD *EVP_get_digestbyname(const char *name); #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) @@ -45,25 +64,48 @@ EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines The EVP digest routines are a high level interface to message digests. -EVP_DigestInit() initialises a digest context B to use a digest -B: this will typically be supplied by a function such as -EVP_sha1(). +EVP_MD_CTX_init() initializes digest contet B. + +EVP_MD_CTX_create() allocates, initializes and returns a digest contet. + +EVP_DigestInit_ex() sets up digest context B to use a digest +B from ENGINE B. B must be initialized before calling this +function. B will typically be supplied by a functionsuch as EVP_sha1(). +If B is NULL then the default implementation of digest B is used. EVP_DigestUpdate() hashes B bytes of data at B into the -digest context B. This funtion can be called several times on the +digest context B. This function can be called several times on the same B to hash additional data. -EVP_DigestFinal() retrieves the digest value from B and places +EVP_DigestFinal_ex() retrieves the digest value from B and places it in B. If the B parameter is not NULL then the number of bytes of data written (i.e. the length of the digest) will be written to the integer at B, at most B bytes will be written. -After calling EVP_DigestFinal() no additional calls to EVP_DigestUpdate() -can be made, but EVP_DigestInit() can be called to initialiase a new +After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate() +can be made, but EVP_DigestInit_ex() can be called to initialize a new digest operation. -EVP_MD_CTX_copy() can be used to copy the message digest state from +EVP_MD_CTX_cleanup() cleans up digest context B, it should be called +after a digest context is no longer needed. + +EVP_MD_CTX_destroy() cleans up digest context B and frees up the +space allocated to it, it should be called only on a context created +using EVP_MD_CTX_create(). + +EVP_MD_CTX_copy_ex() can be used to copy the message digest state from B to B. This is useful if large amounts of data are to be -hashed which only differ in the last few bytes. +hashed which only differ in the last few bytes. B must be initialized +before calling this function. + +EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except +the passed context B does not have to be initialized, and it always +uses the default digest implementation. + +EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest +contet B is automatically cleaned up. + +EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination +B does not have to be initialized. EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest when passed an B or an B structure, i.e. the size of the @@ -97,14 +139,15 @@ returns is of zero length. EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() return an B structure when passed a digest name, a digest NID or -an ASN1_OBJECT structure respectively. The digest table must be initialised +an ASN1_OBJECT structure respectively. The digest table must be initialized using, for example, OpenSSL_add_all_digests() for these functions to work. =head1 RETURN VALUES -EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() do not return values. +EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for +success and 0 for failure. -EVP_MD_CTX_copy() returns 1 if successful or 0 for failure. +EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure. EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the corresponding OBJECT IDENTIFIER or NID_undef if none exists. @@ -129,6 +172,19 @@ transparent to the digest used and much more flexible. SHA1 is the digest of choice for new applications. The other digest algorithms are still in common use. +For most applications the B parameter to EVP_DigestInit_ex() will be +set to NULL to use the default digest implementation. + +The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are +obsolete but are retained to maintain compatibility with existing code. New +applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and +EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context +instead of initializing and cleaning it up on each call and allow non default +implementations of digests to be specified. + +In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use +memory leaks will occur. + =head1 EXAMPLE This example digests the data "Test Message\n" and "Hello World\n", using the @@ -160,10 +216,12 @@ digest name passed on the command line. exit(1); } - EVP_DigestInit(&mdctx, md); + EVP_MD_CTX_init(&mdctx); + EVP_DigestInit_ex(&mdctx, md, NULL); EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); - EVP_DigestFinal(&mdctx, md_value, &md_len); + EVP_DigestFinal_ex(&mdctx, md_value, &md_len); + EVP_MD_CTX_cleanup(&mdctx); printf("Digest is: "); for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); @@ -172,17 +230,10 @@ digest name passed on the command line. =head1 BUGS -Several of the functions do not return values: maybe they should. Although the -internal digest operations will never fail some future hardware based operations -might. - The link between digests and signing algorithms results in a situation where EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS even though they are identical digests. -The size of an B structure is determined at compile time: this results -in code that must be recompiled if the size of B increases. - =head1 SEE ALSO L, L, L, @@ -194,4 +245,7 @@ L, L EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are available in all versions of SSLeay and OpenSSL. +EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex() +were added in OpenSSL 0.9.7. + =cut diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod index 77ed4ccdba..371b6a2287 100644 --- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod +++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod @@ -2,34 +2,68 @@ =head1 NAME -EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal - EVP cipher routines +EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate, +EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, +EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, +EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, +EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit, +EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, +EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, +EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, +EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, +EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, +EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, +EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, +EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, +EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, +EVP_CIPHER_CTX_set_padding - EVP cipher routines =head1 SYNOPSIS #include - void EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); - void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); + + int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + ENGINE *impl, unsigned char *key, unsigned char *iv); + int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); - void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - void EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); - void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + ENGINE *impl, unsigned char *key, unsigned char *iv); + int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); + int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + + int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + ENGINE *impl, unsigned char *key, unsigned char *iv, int enc); + int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, unsigned char *in, int inl); + int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + + int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char *key, unsigned char *iv); + int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); + + int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char *key, unsigned char *iv); int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - void EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *key, unsigned char *iv, int enc); - void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); + int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); + int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); + int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); + int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); const EVP_CIPHER *EVP_get_cipherbyname(const char *name); #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) @@ -38,15 +72,21 @@ EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal - EVP cipher routines #define EVP_CIPHER_nid(e) ((e)->nid) #define EVP_CIPHER_block_size(e) ((e)->block_size) #define EVP_CIPHER_key_length(e) ((e)->key_len) - #define EVP_CIPHER_iv_length(e) ((e)->iv_len) - + #define EVP_CIPHER_iv_length(e) ((e)->iv_len) + #define EVP_CIPHER_flags(e) ((e)->flags) + #define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE) int EVP_CIPHER_type(const EVP_CIPHER *ctx); + #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) - #define EVP_CIPHER_CTX_key_length(e) ((e)->cipher->key_len) + #define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) + #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) + #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) + #define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) + #define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); @@ -56,16 +96,19 @@ EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal - EVP cipher routines The EVP cipher routines are a high level interface to certain symmetric ciphers. -EVP_EncryptInit() initialises a cipher context B for encryption -with cipher B. B is normally supplied by a function such -as EVP_des_cbc() . B is the symmetric key to use and B is the -IV to use (if necessary), the actual number of bytes used for the -key and IV depends on the cipher. It is possible to set all parameters -to NULL except B in an initial call and supply the remaining -parameters in subsequent calls. This is normally done when the -EVP_CIPHER_asn1_to_param() function is called to set the cipher -parameters from an ASN1 AlgorithmIdentifier and the key from a -different source. +EVP_CIPHER_CTX_init() initializes cipher contex B. + +EVP_EncryptInit_ex() sets up cipher context B for encryption +with cipher B from ENGINE B. B must be initialized +before calling this function. B is normally supplied +by a function such as EVP_des_cbc(). If B is NULL then the +default implementation is used. B is the symmetric key to use +and B is the IV to use (if necessary), the actual number of bytes +used for the key and IV depends on the cipher. It is possible to set +all parameters to NULL except B in an initial call and supply +the remaining parameters in subsequent calls, all of which have B +set to NULL. This is done when the default cipher parameters are not +appropriate. EVP_EncryptUpdate() encrypts B bytes from the buffer B and writes the encrypted version to B. This function can be called @@ -73,31 +116,49 @@ multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data: as a result the amount of data written may be anything from zero bytes to (inl + cipher_block_size - 1) so B should contain sufficient -room. The actual number of bytes written is placed in B. +room. The actual number of bytes written is placed in B. -EVP_EncryptFinal() encrypts the "final" data, that is any data that -remains in a partial block. It uses L (aka PKCS -padding). The encrypted final data is written to B which should -have sufficient space for one cipher block. The number of bytes written -is placed in B. After this function is called the encryption operation -is finished and no further calls to EVP_EncryptUpdate() should be made. - -EVP_DecryptInit(), EVP_DecryptUpdate() and EVP_DecryptFinal() are the -corresponding decryption operations. EVP_DecryptFinal() will return an -error code if the final block is not correctly formatted. The parameters -and restrictions are identical to the encryption operations except that -the decrypted data buffer B passed to EVP_DecryptUpdate() should -have sufficient room for (B + cipher_block_size) bytes unless the -cipher block size is 1 in which case B bytes is sufficient. +If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts +the "final" data, that is any data that remains in a partial block. +It uses L (aka PKCS padding). The encrypted +final data is written to B which should have sufficient space for +one cipher block. The number of bytes written is placed in B. After +this function is called the encryption operation is finished and no further +calls to EVP_EncryptUpdate() should be made. -EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal() are functions -that can be used for decryption or encryption. The operation performed -depends on the value of the B parameter. It should be set to 1 for -encryption and 0 for decryption. +If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more +data and it will return an error if any data remains in a partial block: +that is if the total data length is not a multiple of the block size. -EVP_CIPHER_CTX_cleanup() clears all information from a cipher context. -It should be called after all operations using a cipher are complete -so sensitive information does not remain in memory. +EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the +corresponding decryption operations. EVP_DecryptFinal() will return an +error code if padding is enabled and the final block is not correctly +formatted. The parameters and restrictions are identical to the encryption +operations except that if padding is enabled the decrypted data buffer B +passed to EVP_DecryptUpdate() should have sufficient room for +(B + cipher_block_size) bytes unless the cipher block size is 1 in +which case B bytes is sufficient. + +EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are +functions that can be used for decryption or encryption. The operation +performed depends on the value of the B parameter. It should be set +to 1 for encryption, 0 for decryption and -1 to leave the value unchanged +(the actual value of 'enc' being supplied in a previous call). + +EVP_CIPHER_CTX_cleanup() clears all information from a cipher context +and free up any allocated memory associate with it. It should be called +after all operations using a cipher are complete so sensitive information +does not remain in memory. + +EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a +similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and +EVP_CipherInit_ex() except the B paramter does not need to be +initialized and they always use the default cipher implementation. + +EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a +similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and +EVP_CipherFinal_ex() except B is automatically cleaned up +after the call. EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() return an EVP_CIPHER structure when passed a cipher name, a NID or an @@ -108,10 +169,23 @@ passed an B or B structure. The actual NID value is an internal value which may not have a corresponding OBJECT IDENTIFIER. +EVP_CIPHER_CTX_set_padding() enables or disables padding. By default +encryption operations are padded using standard block padding and the +padding is checked and removed when decrypting. If the B parameter +is zero then no padding is performed, the total amount of data encrypted +or decrypted must then be a multiple of the block size or an error will +occur. + EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key length of a cipher when passed an B or B structure. The constant B is the maximum key length -for all ciphers. +for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a +given cipher, the value of EVP_CIPHER_CTX_key_length() may be different +for variable key length ciphers. + +EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx. +If the cipher is a fixed length cipher then attempting to set the key +length to any value other than the fixed value is an error. EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV length of a cipher when passed an B or B. @@ -133,6 +207,11 @@ B. EVP_CIPHER_CTX_cipher() returns the B structure when passed an B structure. +EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode: +EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE or +EVP_CIPH_OFB_MODE. If the cipher is a stream cipher then +EVP_CIPH_STREAM_CIPHER is returned. + EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based on the passed cipher. This will typically include any parameters and an IV. The cipher IV (if any) must be set when this call is made. This call @@ -149,21 +228,24 @@ key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally EVP_CipherInit() again with all parameters except the key set to NULL. It is possible for this function to fail if the cipher does not have any ASN1 support or the parameters cannot be set (for example the RC2 effective key length -does not have an B structure). +is not supported. + +EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined +and set. Currently only the RC2 effective key length and the number of rounds of +RC5 can be set. =head1 RETURN VALUES -EVP_EncryptInit(), EVP_EncryptUpdate() and EVP_EncryptFinal() do not return -values. +EVP_CIPHER_CTX_init, EVP_EncryptInit_ex(), EVP_EncryptUpdate() and +EVP_EncryptFinal_ex() return 1 for success and 0 for failure. -EVP_DecryptInit() and EVP_DecryptUpdate() do not return values. -EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success. +EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure. +EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success. -EVP_CipherInit() and EVP_CipherUpdate() do not return values. -EVP_CipherFinal() returns 1 for a decryption failure or 1 for success, if -the operation is encryption then it always returns 1. +EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure. +EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success. -EVP_CIPHER_CTX_cleanup() does not return a value. +EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure. EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() return an B structure or NULL on error. @@ -176,6 +258,8 @@ size. EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key length. +EVP_CIPHER_CTX_set_padding() always returns 1. + EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV length or zero if the cipher does not use an IV. @@ -187,6 +271,75 @@ EVP_CIPHER_CTX_cipher() returns an B structure. EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for success or zero for failure. +=head1 CIPHER LISTING + +All algorithms have a fixed key length unless otherwise stated. + +=over 4 + +=item EVP_enc_null() + +Null cipher: does nothing. + +=item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void) + +DES in CBC, ECB, CFB and OFB modes respectively. + +=item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void) + +Two key triple DES in CBC, ECB, CFB and OFB modes respectively. + +=item EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void) + +Three key triple DES in CBC, ECB, CFB and OFB modes respectively. + +=item EVP_desx_cbc(void) + +DESX algorithm in CBC mode. + +=item EVP_rc4(void) + +RC4 stream cipher. This is a variable key length cipher with default key length 128 bits. + +=item EVP_rc4_40(void) + +RC4 stream cipher with 40 bit key length. This is obsolete and new code should use EVP_rc4() +and the EVP_CIPHER_CTX_set_key_length() function. + +=item EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void) + +IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively. + +=item EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void) + +RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key +length cipher with an additional parameter called "effective key bits" or "effective key length". +By default both are set to 128 bits. + +=item EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void) + +RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits. +These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and +EVP_CIPHER_CTX_ctrl() to set the key length and effective key length. + +=item EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void); + +Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key +length cipher. + +=item EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void) + +CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key +length cipher. + +=item EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void) + +RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length +cipher with an additional "number of rounds" parameter. By default the key length is set to 128 +bits and 12 rounds. + +=back + =head1 NOTES Where possible the B interface to symmetric ciphers should be used in @@ -201,19 +354,146 @@ encrypted then 5 padding bytes of value 5 will be added. When decrypting the final block is checked to see if it has the correct form. -Although the decryption operation can produce an error, it is not a strong -test that the input data or key is correct. A random block has better than -1 in 256 chance of being of the correct format and problems with the -input data earlier on will not produce a final decrypt error. +Although the decryption operation can produce an error if padding is enabled, +it is not a strong test that the input data or key is correct. A random block +has better than 1 in 256 chance of being of the correct format and problems with +the input data earlier on will not produce a final decrypt error. + +If padding is disabled then the decryption operation will always succeed if +the total amount of data decrypted is a multiple of the block size. + +The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(), +EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for +compatibility with existing code. New code should use EVP_EncryptInit_ex(), +EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), +EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an +existing context without allocating and freeing it up on each call. =head1 BUGS -The current B cipher interface is not as flexible as it should be. Only -certain "spot" encryption algorithms can be used for ciphers which have various -parameters associated with them (RC2, RC5 for example) this is inadequate. +For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is +a limitation of the current RC5 code rather than the EVP interface. + +EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with +default key lengths. If custom ciphers exceed these values the results are +unpredictable. This is because it has become standard practice to define a +generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes. + +The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested +for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode. + +=head1 EXAMPLES + +Get the number of rounds used in RC5: + + int nrounds; + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds); + +Get the RC2 effective key length: + + int key_bits; + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); + +Set the number of rounds used in RC5: + + int nrounds; + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); + +Set the effective key length used in RC2: + + int key_bits; + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); + +Encrypt a string using blowfish: + + int do_crypt(char *outfile) + { + unsigned char outbuf[1024]; + int outlen, tmplen; + /* Bogus key and IV: we'd normally set these from + * another source. + */ + unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; + unsigned char iv[] = {1,2,3,4,5,6,7,8}; + char intext[] = "Some Crypto Text"; + EVP_CIPHER_CTX ctx; + FILE *out; + EVP_CIPHER_CTX_init(&ctx); + EVP_EncryptInit_ex(&ctx, NULL, EVP_bf_cbc(), key, iv); + + if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) + { + /* Error */ + return 0; + } + /* Buffer passed to EVP_EncryptFinal() must be after data just + * encrypted to avoid overwriting it. + */ + if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) + { + /* Error */ + return 0; + } + outlen += tmplen; + EVP_CIPHER_CTX_cleanup(&ctx); + /* Need binary mode for fopen because encrypted data is + * binary data. Also cannot use strlen() on it because + * it wont be null terminated and may contain embedded + * nulls. + */ + out = fopen(outfile, "wb"); + fwrite(outbuf, 1, outlen, out); + fclose(out); + return 1; + } + +The ciphertext from the above example can be decrypted using the B +utility with the command line: + + S + +General encryption, decryption function example using FILE I/O and RC2 with an +80 bit key: + + int do_crypt(FILE *in, FILE *out, int do_encrypt) + { + /* Allow enough space in output buffer for additional block */ + inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; + int inlen, outlen; + /* Bogus key and IV: we'd normally set these from + * another source. + */ + unsigned char key[] = "0123456789"; + unsigned char iv[] = "12345678"; + /* Don't set key or IV because we will modify the parameters */ + EVP_CIPHER_CTX_init(&ctx); + EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt); + EVP_CIPHER_CTX_set_key_length(&ctx, 10); + /* We finished modifying parameters so now we can set key and IV */ + EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt); + + for(;;) + { + inlen = fread(inbuf, 1, 1024, in); + if(inlen <= 0) break; + if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen)) + { + /* Error */ + return 0; + } + fwrite(outbuf, 1, outlen, out); + } + if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) + { + /* Error */ + return 0; + } + fwrite(outbuf, 1, outlen, out); + + EVP_CIPHER_CTX_cleanup(&ctx); + return 1; + } -Several of the functions do not return error codes because the software versions -can never fail. This is not true of hardware versions. =head1 SEE ALSO diff --git a/src/lib/libcrypto/doc/EVP_OpenInit.pod b/src/lib/libcrypto/doc/EVP_OpenInit.pod index 9707a4b399..2e710da945 100644 --- a/src/lib/libcrypto/doc/EVP_OpenInit.pod +++ b/src/lib/libcrypto/doc/EVP_OpenInit.pod @@ -10,9 +10,9 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, int ekl,unsigned char *iv,EVP_PKEY *priv); - void EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); - void EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); =head1 DESCRIPTION @@ -21,7 +21,7 @@ The EVP envelope routines are a high level interface to envelope decryption. They decrypt a public key encrypted symmetric key and then decrypt data using it. -EVP_OpenInit() initialises a cipher context B for decryption +EVP_OpenInit() initializes a cipher context B for decryption with cipher B. It decrypts the encrypted symmetric key of length B bytes passed in the B parameter using the private key B. The IV is supplied in the B parameter. @@ -29,20 +29,32 @@ The IV is supplied in the B parameter. EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as documented on the L manual -page. +page. + +=head1 NOTES + +It is possible to call EVP_OpenInit() twice in the same way as +EVP_DecryptInit(). The first call should have B set to NULL +and (after setting any cipher parameters) it should be called again +with B set to NULL. + +If the cipher passed in the B parameter is a variable length +cipher then the key length will be set to the value of the recovered +key length. If the cipher is a fixed length cipher then the recovered +key length must match the fixed cipher length. =head1 RETURN VALUES -EVP_OpenInit() returns -1 on error or an non zero integer (actually the +EVP_OpenInit() returns 0 on error or a non zero integer (actually the recovered secret key size) if successful. -EVP_SealUpdate() does not return a value. +EVP_OpenUpdate() returns 1 for success or 0 for failure. -EVP_SealFinal() returns 0 if the decrypt failed or 1 for success. +EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success. =head1 SEE ALSO -L,L +L, L, L, L diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod index 1579d110fa..0451eb648a 100644 --- a/src/lib/libcrypto/doc/EVP_SealInit.pod +++ b/src/lib/libcrypto/doc/EVP_SealInit.pod @@ -10,9 +10,9 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); - void EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); - void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); =head1 DESCRIPTION @@ -22,7 +22,7 @@ encryption. They generate a random key and then "envelope" it by using public key encryption. Data can then be encrypted using this key. -EVP_SealInit() initialises a cipher context B for encryption +EVP_SealInit() initializes a cipher context B for encryption with cipher B using a random secret key and IV supplied in the B parameter. B is normally supplied by a function such as EVP_des_cbc(). The secret key is encrypted using one or more public @@ -41,9 +41,10 @@ page. =head1 RETURN VALUES -EVP_SealInit() returns -1 on error or B if successful. +EVP_SealInit() returns 0 on error or B if successful. -EVP_SealUpdate() and EVP_SealFinal() do not return values. +EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for +failure. =head1 NOTES @@ -59,9 +60,14 @@ but symmetric encryption is fast. So symmetric encryption is used for bulk encryption and the small random symmetric key used is transferred using public key encryption. +It is possible to call EVP_SealInit() twice in the same way as +EVP_EncryptInit(). The first call should have B set to 0 +and (after setting any cipher parameters) it should be called again +with B set to NULL. + =head1 SEE ALSO -L,L +L, L, L, L diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod index bbc9203c9c..32e9d54809 100644 --- a/src/lib/libcrypto/doc/EVP_SignInit.pod +++ b/src/lib/libcrypto/doc/EVP_SignInit.pod @@ -8,10 +8,12 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions #include - void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); - void EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); + int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); + int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey); + void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); + int EVP_PKEY_size(EVP_PKEY *pkey); =head1 DESCRIPTION @@ -19,30 +21,30 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions The EVP signature routines are a high level interface to digital signatures. -EVP_SignInit() initialises a signing context B to using digest -B: this will typically be supplied by a function such as -EVP_sha1(). +EVP_SignInit_ex() sets up signing context B to use digest +B from ENGINE B. B must be initialized with +EVP_MD_CTX_init() before calling this function. EVP_SignUpdate() hashes B bytes of data at B into the -signature context B. This funtion can be called several times on the +signature context B. This function can be called several times on the same B to include additional data. EVP_SignFinal() signs the data in B using the private key B and places the signature in B. If the B parameter is not NULL then the number of bytes of data written (i.e. the length of the signature) will be written to the integer at B, at most EVP_PKEY_size(pkey) bytes -will be written. After calling EVP_SignFinal() no additional calls to -EVP_SignUpdate() can be made, but EVP_SignInit() can be called to initialiase -a new signature operation. +will be written. + +EVP_SignInit() initializes a signing context B to use the default +implementation of digest B. EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual signature returned by EVP_SignFinal() may be smaller. =head1 RETURN VALUES -EVP_SignInit() and EVP_SignUpdate() do not return values. - -EVP_SignFinal() returns 1 for success and 0 for failure. +EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1 +for success and 0 for failure. EVP_PKEY_size() returns the maximum size of a signature in bytes. @@ -63,11 +65,18 @@ When signing with DSA private keys the random number generator must be seeded or the operation will fail. The random number generator does not need to be seeded for RSA signatures. +The call to EVP_SignFinal() internally finalizes a copy of the digest context. +This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called +later to digest and sign additional data. + +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +will occur. + =head1 BUGS -Several of the functions do not return values: maybe they should. Although the -internal digest operations will never fail some future hardware based operations -might. +Older versions of this documentation wrongly stated that calls to +EVP_SignUpdate() could not be made after calling EVP_SignFinal(). =head1 SEE ALSO @@ -82,4 +91,6 @@ L, L EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are available in all versions of SSLeay and OpenSSL. +EVP_SignInit_ex() was added in OpenSSL 0.9.7 + =cut diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod index 3b5e07f4ad..80c656fde8 100644 --- a/src/lib/libcrypto/doc/EVP_VerifyInit.pod +++ b/src/lib/libcrypto/doc/EVP_VerifyInit.pod @@ -8,30 +8,35 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification f #include - void EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); - void EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); + int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); + int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); + int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); + =head1 DESCRIPTION The EVP signature verification routines are a high level interface to digital signatures. -EVP_VerifyInit() initialises a verification context B to using digest -B: this will typically be supplied by a function such as EVP_sha1(). +EVP_VerifyInit_ex() sets up verification context B to use digest +B from ENGINE B. B must be initialized by calling +EVP_MD_CTX_init() before calling this function. EVP_VerifyUpdate() hashes B bytes of data at B into the -verification context B. This funtion can be called several times on the +verification context B. This function can be called several times on the same B to include additional data. EVP_VerifyFinal() verifies the data in B using the public key B -and against the B bytes at B. After calling EVP_VerifyFinal() -no additional calls to EVP_VerifyUpdate() can be made, but EVP_VerifyInit() -can be called to initialiase a new verification operation. +and against the B bytes at B. + +EVP_VerifyInit() initializes verification context B to use the default +implementation of digest B. =head1 RETURN VALUES -EVP_VerifyInit() and EVP_VerifyUpdate() do not return values. +EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for +failure. EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some other error occurred. @@ -49,14 +54,22 @@ digest algorithm must be used with the correct public key type. A list of algorithms and associated public key algorithms appears in L. +The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. +This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called +later to digest and verify additional data. + +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +will occur. + =head1 BUGS -Several of the functions do not return values: maybe they should. Although the -internal digest operations will never fail some future hardware based operations -might. +Older versions of this documentation wrongly stated that calls to +EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal(). =head1 SEE ALSO +L, L, L, L, L, L, L, @@ -68,4 +81,6 @@ L, L EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are available in all versions of SSLeay and OpenSSL. +EVP_VerifyInit_ex() was added in OpenSSL 0.9.7 + =cut diff --git a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod b/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod index b0b1058d19..c39ac35e78 100644 --- a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod +++ b/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod @@ -2,7 +2,7 @@ =head1 NAME -OPENSSL_VERSION_NUMBER, SSLeay - get OpenSSL version number +OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number =head1 SYNOPSIS @@ -11,11 +11,27 @@ OPENSSL_VERSION_NUMBER, SSLeay - get OpenSSL version number #include long SSLeay(void); + const char *SSLeay_version(int t); =head1 DESCRIPTION OPENSSL_VERSION_NUMBER is a numeric release version identifier: + MMNNFFPPS: major minor fix patch status + +The status nibble has one of the values 0 for development, 1 to e for betas +1 to 14, and f for release. + +for example + + 0x000906000 == 0.9.6 dev + 0x000906023 == 0.9.6b beta 3 + 0x00090605f == 0.9.6e release + +Versions prior to 0.9.3 have identifiers E 0x0930. +Versions between 0.9.3 and 0.9.5 had a version identifier with this +interpretation: + MMNNFFRBB major minor fix final beta/patch for example @@ -23,13 +39,51 @@ for example 0x000904100 == 0.9.4 release 0x000905000 == 0.9.5 dev -Versions prior to 0.9.3 have identifiers E 0x0930. +Version 0.9.5a had an interim interpretation that is like the current one, +except the patch level got the highest bit set, to keep continuity. The +number was therefore 0x0090581f. + + For backward compatibility, SSLEAY_VERSION_NUMBER is also defined. SSLeay() returns this number. The return value can be compared to the macro to make sure that the correct version of the library has been loaded, especially when using DLLs on Windows systems. +SSLeay_version() returns different strings depending on B: + +=over 4 + +=item SSLEAY_VERSION + +The text variant of the version number and the release date. For example, +"OpenSSL 0.9.5a 1 Apr 2000". + +=item SSLEAY_CFLAGS + +The compiler flags set for the compilation process in the form +"compiler: ..." if available or "compiler: information not available" +otherwise. + +=item SSLEAY_BUILT_ON + +The date of the build process in the form "built on: ..." if available +or "built on: date not available" otherwise. + +=item SSLEAY_PLATFORM + +The "Configure" target of the library build in the form "platform: ..." +if available or "platform: information not available" otherwise. + +=item SSLEAY_DIR + +The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "..."" +if available or "OPENSSLDIR: N/A" otherwise. + +=back + +For an unknown B, the text "not available" is returned. + =head1 RETURN VALUE The version number. @@ -42,5 +96,6 @@ L SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL. OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL. +B was added in OpenSSL 0.9.7. =cut diff --git a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod index 1300fe190c..486c903430 100644 --- a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod +++ b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod @@ -2,7 +2,8 @@ =head1 NAME -OpenSSL_add_all_algorithms() - add algorithms to internal table +OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests - +add algorithms to internal table =head1 SYNOPSIS @@ -43,7 +44,7 @@ by EVP_sha1(). It just needs to add them if it (or any of the functions it calls needs to lookup algorithms. The cipher and digest lookup functions are used in many parts of the library. If -the table is not initialised several functions will misbehave and complain they +the table is not initialized several functions will misbehave and complain they cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries. This is a common query in the OpenSSL mailing lists. diff --git a/src/lib/libcrypto/doc/RAND_add.pod b/src/lib/libcrypto/doc/RAND_add.pod index 0a13ec2a92..67c66f3e0c 100644 --- a/src/lib/libcrypto/doc/RAND_add.pod +++ b/src/lib/libcrypto/doc/RAND_add.pod @@ -2,7 +2,8 @@ =head1 NAME -RAND_add, RAND_seed, RAND_screen - add entropy to the PRNG +RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add +entropy to the PRNG =head1 SYNOPSIS @@ -14,6 +15,7 @@ RAND_add, RAND_seed, RAND_screen - add entropy to the PRNG int RAND_status(void); + int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); void RAND_screen(void); =head1 DESCRIPTION @@ -40,17 +42,24 @@ or L. RAND_seed() is equivalent to RAND_add() when B. +RAND_event() collects the entropy from Windows events such as mouse +movements and other user interaction. It should be called with the +B, B and B arguments of I messages sent to +the window procedure. It will estimate the entropy contained in the +event message (if any), and add it to the PRNG. The program can then +process the messages as usual. + The RAND_screen() function is available for the convenience of Windows programmers. It adds the current contents of the screen to the PRNG. -For applications that can catch Windows events, seeding the PRNG with -the parameters of B events is a significantly better -source of randomness. It should be noted that both methods cannot be -used on servers that run without user interaction. +For applications that can catch Windows events, seeding the PRNG by +calling RAND_event() is a significantly better source of +randomness. It should be noted that both methods cannot be used on +servers that run without user interaction. =head1 RETURN VALUES -RAND_status() returns 1 if the PRNG has been seeded with enough data, -0 otherwise. +RAND_status() and RAND_event() return 1 if the PRNG has been seeded +with enough data, 0 otherwise. The other functions do not return values. @@ -63,6 +72,6 @@ L, L RAND_seed() and RAND_screen() are available in all versions of SSLeay and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL -0.9.5. +0.9.5, RAND_event() in OpenSSL 0.9.5a. =cut diff --git a/src/lib/libcrypto/doc/RAND_load_file.pod b/src/lib/libcrypto/doc/RAND_load_file.pod index 8dd700ca3d..d8c134e621 100644 --- a/src/lib/libcrypto/doc/RAND_load_file.pod +++ b/src/lib/libcrypto/doc/RAND_load_file.pod @@ -8,7 +8,7 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file #include - const char *RAND_file_name(char *buf, int num); + const char *RAND_file_name(char *buf, size_t num); int RAND_load_file(const char *filename, long max_bytes); diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod index 466e9b8767..464eba416d 100644 --- a/src/lib/libcrypto/doc/RAND_set_rand_method.pod +++ b/src/lib/libcrypto/doc/RAND_set_rand_method.pod @@ -34,10 +34,12 @@ RAND_get_rand_method() returns a pointer to the current method. void (*cleanup)(void); void (*add)(const void *buf, int num, int entropy); int (*pseudorand)(unsigned char *buf, int num); + int (*status)(void); } RAND_METHOD; The components point to the implementation of RAND_seed(), -RAND_bytes(), RAND_cleanup(), RAND_add() and RAND_pseudo_rand(). +RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand() +and RAND_status(). Each component may be NULL if the function is not implemented. =head1 RETURN VALUES diff --git a/src/lib/libcrypto/doc/RSA_generate_key.pod b/src/lib/libcrypto/doc/RSA_generate_key.pod index fdaddbcb13..8714f7179d 100644 --- a/src/lib/libcrypto/doc/RSA_generate_key.pod +++ b/src/lib/libcrypto/doc/RSA_generate_key.pod @@ -19,7 +19,7 @@ be seeded prior to calling RSA_generate_key(). The modulus size will be B bits, and the public exponent will be B. Key sizes with B E 1024 should be considered insecure. -The exponent is an odd number, typically 3 or 65535. +The exponent is an odd number, typically 3, 17 or 65537. A callback function may be used to provide feedback about the progress of the key generation. If B is not B, it diff --git a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod index 920dc76325..46cc8f5359 100644 --- a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod +++ b/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod @@ -17,14 +17,12 @@ RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specifi void *RSA_get_ex_data(RSA *r, int idx); - int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - - void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - - int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); + typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); + typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); + typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, + int idx, long argl, void *argp); =head1 DESCRIPTION diff --git a/src/lib/libcrypto/doc/RSA_print.pod b/src/lib/libcrypto/doc/RSA_print.pod index dd968a5274..67876facc5 100644 --- a/src/lib/libcrypto/doc/RSA_print.pod +++ b/src/lib/libcrypto/doc/RSA_print.pod @@ -2,8 +2,9 @@ =head1 NAME -RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp - print -cryptographic parameters +RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print, +DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic +parameters =head1 SYNOPSIS diff --git a/src/lib/libcrypto/doc/RSA_public_encrypt.pod b/src/lib/libcrypto/doc/RSA_public_encrypt.pod index 910c4752b8..e20dfcb551 100644 --- a/src/lib/libcrypto/doc/RSA_public_encrypt.pod +++ b/src/lib/libcrypto/doc/RSA_public_encrypt.pod @@ -47,7 +47,7 @@ Encrypting user data directly with RSA is insecure. =back B must be less than RSA_size(B) - 11 for the PKCS #1 v1.5 -based padding modes, and less than RSA_size(B) - 21 for +based padding modes, and less than RSA_size(B) - 41 for RSA_PKCS1_OAEP_PADDING. The random number generator must be seeded prior to calling RSA_public_encrypt(). @@ -74,10 +74,6 @@ SSL, PKCS #1 v2.0 L, L, L, L -=head1 NOTES - -The L method supports only the RSA_PKCS1_PADDING mode. - =head1 HISTORY The B argument was added in SSLeay 0.8. RSA_NO_PADDING is diff --git a/src/lib/libcrypto/doc/RSA_set_method.pod b/src/lib/libcrypto/doc/RSA_set_method.pod index deb1183a23..14917dd35f 100644 --- a/src/lib/libcrypto/doc/RSA_set_method.pod +++ b/src/lib/libcrypto/doc/RSA_set_method.pod @@ -3,30 +3,29 @@ =head1 NAME RSA_set_default_method, RSA_get_default_method, RSA_set_method, -RSA_get_method, RSA_PKCS1_SSLeay, RSA_PKCS1_RSAref, -RSA_PKCS1_null_method, RSA_flags, RSA_new_method - select RSA method +RSA_get_method, RSA_PKCS1_SSLeay, +RSA_null_method, RSA_flags, RSA_new_method - select RSA method =head1 SYNOPSIS #include + #include - void RSA_set_default_method(RSA_METHOD *meth); + void RSA_set_default_openssl_method(RSA_METHOD *meth); - RSA_METHOD *RSA_get_default_method(void); + RSA_METHOD *RSA_get_default_openssl_method(void); - RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); + int RSA_set_method(RSA *rsa, ENGINE *engine); RSA_METHOD *RSA_get_method(RSA *rsa); RSA_METHOD *RSA_PKCS1_SSLeay(void); - RSA_METHOD *RSA_PKCS1_RSAref(void); - RSA_METHOD *RSA_null_method(void); int RSA_flags(RSA *rsa); - RSA *RSA_new_method(RSA_METHOD *method); + RSA *RSA_new_method(ENGINE *engine); =head1 DESCRIPTION @@ -34,35 +33,30 @@ An B specifies the functions that OpenSSL uses for RSA operations. By modifying the method, alternative implementations such as hardware accelerators may be used. -Initially, the default is to use the OpenSSL internal implementation, -unless OpenSSL was configured with the C or C<-DRSA_NULL> -options. RSA_PKCS1_SSLeay() returns a pointer to that method. - -RSA_PKCS1_RSAref() returns a pointer to a method that uses the RSAref -library. This is the default method in the C configuration; -the function is not available in other configurations. -RSA_null_method() returns a pointer to a method that does not support -the RSA transformation. It is the default if OpenSSL is compiled with -C<-DRSA_NULL>. These methods may be useful in the USA because of a -patent on the RSA cryptosystem. +Initially, the default is to use the OpenSSL internal implementation. +RSA_PKCS1_SSLeay() returns a pointer to that method. -RSA_set_default_method() makes B the default method for all B -structures created later. +RSA_set_default_openssl_method() makes B the default method for all B +structures created later. B This is true only whilst the default engine +for RSA operations remains as "openssl". ENGINEs provide an +encapsulation for implementations of one or more algorithms at a time, and all +the RSA functions mentioned here operate within the scope of the default +"openssl" engine. -RSA_get_default_method() returns a pointer to the current default -method. +RSA_get_default_openssl_method() returns a pointer to the current default +method for the "openssl" engine. -RSA_set_method() selects B for all operations using the key +RSA_set_method() selects B for all operations using the key B. -RSA_get_method() returns a pointer to the method currently selected -for B. +RSA_get_method() returns a pointer to the RSA_METHOD from the currently +selected ENGINE for B. RSA_flags() returns the B that are set for B's current method. -RSA_new_method() allocates and initializes an B structure so that -B will be used for the RSA operations. If B is B, -the default method is used. +RSA_new_method() allocates and initializes an RSA structure so that +B will be used for the RSA operations. If B is NULL, +the default engine for RSA operations is used. =head1 THE RSA_METHOD STRUCTURE @@ -87,10 +81,11 @@ the default method is used. int (*rsa_priv_dec)(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding); - /* compute r0 = r0 ^ I mod rsa->n. May be NULL */ + /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some + implementations) */ int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); - /* compute r = a ^ p mod m. May be NULL */ + /* compute r = a ^ p mod m (May be NULL for some implementations) */ int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); @@ -126,18 +121,21 @@ the default method is used. =head1 RETURN VALUES -RSA_PKCS1_SSLeay(), RSA_PKCS1_RSAref(), RSA_PKCS1_null_method(), -RSA_get_default_method() and RSA_get_method() return pointers to the -respective Bs. +RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_openssl_method() +and RSA_get_method() return pointers to the respective RSA_METHODs. -RSA_set_default_method() returns no value. +RSA_set_default_openssl_method() returns no value. -RSA_set_method() returns a pointer to the B previously -associated with B. +RSA_set_method() selects B as the engine that will be responsible for +all operations using the structure B. If this function completes successfully, +then the B structure will have its own functional reference of B, so +the caller should remember to free their own reference to B when they are +finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by +ENGINE_get_RSA() or ENGINE_set_RSA(). -RSA_new_method() returns B and sets an error code that can be -obtained by L if the allocation fails. Otherwise it -returns a pointer to the newly allocated structure. +RSA_new_method() returns NULL and sets an error code that can be +obtained by L if the allocation fails. Otherwise +it returns a pointer to the newly allocated structure. =head1 SEE ALSO @@ -150,4 +148,9 @@ RSA_get_default_method(), RSA_set_method() and RSA_get_method() as well as the rsa_sign and rsa_verify components of RSA_METHOD were added in OpenSSL 0.9.4. +RSA_set_default_openssl_method() and RSA_get_default_openssl_method() +replaced RSA_set_default_method() and RSA_get_default_method() respectively, +and RSA_set_method() and RSA_new_method() were altered to use Bs +rather than Bs during development of OpenSSL 0.9.6. + =cut diff --git a/src/lib/libcrypto/doc/bn.pod b/src/lib/libcrypto/doc/bn.pod index 1504a1c92d..210dfeac08 100644 --- a/src/lib/libcrypto/doc/bn.pod +++ b/src/lib/libcrypto/doc/bn.pod @@ -21,19 +21,27 @@ bn - multiprecision integer arithmetics BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); BIGNUM *BN_dup(const BIGNUM *a); + BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b); + int BN_num_bytes(const BIGNUM *a); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG w); - int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b); + int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, BN_CTX *ctx); - int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); + int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); + int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); @@ -54,12 +62,14 @@ bn - multiprecision integer arithmetics int BN_zero(BIGNUM *a); int BN_one(BIGNUM *a); - BIGNUM *BN_value_one(void); + const BIGNUM *BN_value_one(void); int BN_set_word(BIGNUM *a, unsigned long w); unsigned long BN_get_word(BIGNUM *a); int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); + int BN_rand_range(BIGNUM *rnd, BIGNUM *range); + int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add, BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); @@ -137,7 +147,7 @@ of Bs to external formats is described in L. L, L, L, L, L, L, L, -L, L, +L, L, L, L, L, L, L, L, L, L, diff --git a/src/lib/libcrypto/doc/dh.pod b/src/lib/libcrypto/doc/dh.pod index 0a9b7c03a2..b4be4be405 100644 --- a/src/lib/libcrypto/doc/dh.pod +++ b/src/lib/libcrypto/doc/dh.pod @@ -7,6 +7,7 @@ dh - Diffie-Hellman key agreement =head1 SYNOPSIS #include + #include DH * DH_new(void); void DH_free(DH *dh); @@ -20,10 +21,10 @@ dh - Diffie-Hellman key agreement int DH_generate_key(DH *dh); int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); - void DH_set_default_method(DH_METHOD *meth); - DH_METHOD *DH_get_default_method(void); - DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); - DH *DH_new_method(DH_METHOD *meth); + void DH_set_default_openssl_method(DH_METHOD *meth); + DH_METHOD *DH_get_default_openssl_method(void); + int DH_set_method(DH *dh, ENGINE *engine); + DH *DH_new_method(ENGINE *engine); DH_METHOD *DH_OpenSSL(void); int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(), diff --git a/src/lib/libcrypto/doc/dsa.pod b/src/lib/libcrypto/doc/dsa.pod index 2c09244899..82d7fb77cd 100644 --- a/src/lib/libcrypto/doc/dsa.pod +++ b/src/lib/libcrypto/doc/dsa.pod @@ -7,6 +7,7 @@ dsa - Digital Signature Algorithm =head1 SYNOPSIS #include + #include DSA * DSA_new(void); void DSA_free(DSA *dsa); @@ -28,10 +29,10 @@ dsa - Digital Signature Algorithm int DSA_verify(int dummy, const unsigned char *dgst, int len, unsigned char *sigbuf, int siglen, DSA *dsa); - void DSA_set_default_method(DSA_METHOD *meth); - DSA_METHOD *DSA_get_default_method(void); - DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); - DSA *DSA_new_method(DSA_METHOD *meth); + void DSA_set_default_openssl_method(DSA_METHOD *meth); + DSA_METHOD *DSA_get_default_openssl_method(void); + int DSA_set_method(DSA *dsa, ENGINE *engine); + DSA *DSA_new_method(ENGINE *engine); DSA_METHOD *DSA_OpenSSL(void); int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), diff --git a/src/lib/libcrypto/doc/evp.pod b/src/lib/libcrypto/doc/evp.pod index f089dd49a2..edf47dbde6 100644 --- a/src/lib/libcrypto/doc/evp.pod +++ b/src/lib/libcrypto/doc/evp.pod @@ -10,7 +10,7 @@ evp - high-level cryptographic functions =head1 DESCRIPTION -The EVP library provided a high-level interface to cryptographic +The EVP library provides a high-level interface to cryptographic functions. BI<...> and BI<...> provide public key encryption diff --git a/src/lib/libcrypto/doc/rsa.pod b/src/lib/libcrypto/doc/rsa.pod index 0486c044a6..09ad30cab1 100644 --- a/src/lib/libcrypto/doc/rsa.pod +++ b/src/lib/libcrypto/doc/rsa.pod @@ -7,6 +7,7 @@ rsa - RSA public key cryptosystem =head1 SYNOPSIS #include + #include RSA * RSA_new(void); void RSA_free(RSA *rsa); @@ -31,15 +32,14 @@ rsa - RSA public key cryptosystem int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); void RSA_blinding_off(RSA *rsa); - void RSA_set_default_method(RSA_METHOD *meth); - RSA_METHOD *RSA_get_default_method(void); - RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); + void RSA_set_default_openssl_method(RSA_METHOD *meth); + RSA_METHOD *RSA_get_default_openssl_method(void); + int RSA_set_method(RSA *rsa, ENGINE *engine); RSA_METHOD *RSA_get_method(RSA *rsa); RSA_METHOD *RSA_PKCS1_SSLeay(void); - RSA_METHOD *RSA_PKCS1_RSAref(void); RSA_METHOD *RSA_null_method(void); int RSA_flags(RSA *rsa); - RSA *RSA_new_method(RSA_METHOD *method); + RSA *RSA_new_method(ENGINE *engine); int RSA_print(BIO *bp, RSA *x, int offset); int RSA_print_fp(FILE *fp, RSA *x, int offset); @@ -86,8 +86,9 @@ contain public as well as private RSA keys: In public keys, the private exponent and the related secret values are B. -B, B and B may be B in private keys, but the -RSA operations are much faster when these values are available. +B

, B, B, B and B may be B in private +keys, but the RSA operations are much faster when these values are +available. =head1 CONFORMING TO @@ -95,7 +96,7 @@ SSL, PKCS #1 v2.0 =head1 PATENTS -RSA is covered by a US patent which expires in September 2000. +RSA was covered by a US patent which expired in September 2000. =head1 SEE ALSO -- cgit v1.2.3-55-g6feb